That doesn't sound very likely! With the vulnerability classified as "Remotely exploitable" and allowing a denial of service without authentication it sounded like something a user could do.
thanks for the read, Chris ---------- Original Message ---------------------------------- From: Dave Watts <[EMAIL PROTECTED]> Reply-To: cf-talk@houseoffusion.com Date: Thu, 25 Jan 2007 12:59:51 -0500 >> Yes ... and 1.4.2_11 has a low-rated security vulnerability. >> >> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2003-1301 >> >> http://sunsolve.sun.com/search/document.do?assetkey=1-26-102732-1 > >It appears that the vulnerability only applies to running remote code, which >is quite unlikely in the case of a CF server, unless you also browse sites >from the server console, and those sites use Java applets, and your browser >uses the same JVM as CF uses. > >Dave Watts, CTO, Fig Leaf Software >http://www.figleaf.com/ > >Fig Leaf Software provides the highest caliber vendor-authorized >instruction at our training centers in Washington DC, Atlanta, >Chicago, Baltimore, Northern Virginia, or on-site at your location. >Visit http://training.figleaf.com/ for more information! > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 & MX7 integration & create powerful cross-platform RIAs http:http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:267706 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
